Securityminders’ George Moraetes: Risk Assessment Could Help Evaluate Cloud Providers for FedRAMP Compliance

George Moraetes, vice president, chief security officer and architect at Securityminders, has said federal agencies should take several measures to evaluate cloud service providers for compliance with the Federal Risk and Authorization Management Program, one of which is a cloud risk assessment.

Moraetes wrote in a guest piece published Thursday on IBM’s Security Intelligence that agencies that aim to move workloads to the cloud should classify data based on sensitivity and type.

“You may also want to perform a security assessment to determine whether a public, private or hybrid cloud solution carries more or less risk than simply hosting the data on-premises,” he noted.

He also called on organizations to develop a security policy in an effort to outline the risks and controls related to a cloud platform and identify applications and data that are suitable and secure enough for cloud migration.

Moraetes noted that CSPs offer cloud platforms through software-as-a-service, infrastructure-as-a-service and platform-as-a-service business models.

“These common cloud services should be evaluated according to the organization’s cloud security policy and risk assessment,” he added.

Agencies should also evaluate CSPs based on authentication protocols, data backup, encryption, data deletion, security procedures and data ownership, Moraetes wrote.
